Privacy Policy

Last Updated: 2025-12-18

ScanQR ("we," "us," or "our") is committed to protecting your personal information and complies with Japan's Act on the Protection of Personal Information (APPI). This Privacy Policy explains how we collect, use, and protect personal information through our QR code attendance management service "ScanQR" ("the Service").

1. Personal Information We Collect

We collect the following personal information to provide the Service:

1.1 Member Information

• Name (Japanese and English)
• Email address
• Phone number (optional)
• Photo (optional, for ID cards)
• Member number and QR code

1.2 Attendance Records

• Check-in and check-out timestamps
• Scan location (if geolocation is enabled)
• Device information used for scanning

1.3 Administrator Account Information

• Name
• Email address
• Password (stored encrypted)

2. Purpose of Use

We use collected personal information only for the following purposes:

• Providing attendance and check-in/out management services
• Issuing member ID cards
• Sending notifications to parents/guardians and administrators (push notifications, email)
• Improving the Service and developing new features
• Responding to inquiries
• Sending important service announcements

3. Third-Party Disclosure

We do not disclose your personal information to third parties except in the following cases:

• With your consent
• When required by law
• When necessary to protect life, body, or property
• To service providers necessary for operating the Service (see below)

3.1 Service Providers

Provider	Purpose	Location
Brevo (Sendinblue)	Email delivery	France (EU GDPR compliant)
Cloudflare	Security and CDN	United States
Kamatera	Server hosting	Japan (Tokyo region)

4. Security Measures

We implement the following security measures to prevent leakage, loss, or damage to personal information:

• SSL/TLS encrypted communications
• bcrypt password encryption
• Firewall access controls
• Intrusion detection and prevention (Fail2Ban)
• Regular security audits
• Access logging and monitoring
• Employee security training

5. Data Retention Period

Data Type	Retention Period
Member information	1 year after contract termination
Attendance records	3 years from record date
Access logs	90 days

6. Your Rights

Under the APPI, you have the following rights:

• Right to Access: Request disclosure of your personal information we hold
• Right to Correction: Request correction of inaccurate personal information
• Right to Deletion: Request deletion of your personal information
• Right to Cease Use: Request that we stop using your personal information

To exercise these rights, please contact us using the information below. We will verify your identity and respond within a reasonable timeframe.

7. Cookies and Similar Technologies

The Service uses cookies for the following purposes:

• Maintaining login sessions
• Saving language preferences
• Enhancing security

We do not use advertising or tracking cookies.

8. Children's Personal Information

The Service is designed for use by educational institutions and may handle personal information of minors. Personal information of minors is collected and managed with the consent of parents/guardians or educational institutions.

9. Data Breach Response

In the event of a personal data breach, or suspected breach, we will:

• Promptly investigate the facts
• Identify the scope of impact
• Report to the Personal Information Protection Commission (when required by law)
• Notify affected individuals
• Develop and implement measures to prevent recurrence

10. Changes to This Policy

We may update this Privacy Policy due to changes in laws or service improvements. We will notify users of significant changes through the Service.

← Back to Login